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IN THE CLAIMS: 

1 . (Currently Amended) A method of controlling access to computer system 
resources based on permissions > comprising: 

receiving a request for access to a computer system resource; 

determining if a superclass permission of a required permission is present in each 
protection domain of an access control contex t, wherein the superclass permission is a 
super class of the required permission: 

adding the required permission to a permission collection if the superclass 
permission of the required permi ssion is present in each protection domain of the access 
control context; and 

granting access to the resource if the superclass permission of the required 
permission is present in each protection domain of the access control context 

2. (Original) The method of claim 1 , wherein the request is received from bytecode. 

3. (Original) The method of claim I, further comprising: 

determining the required permission based on a CodeSource associated with the 
request; and 

determining the superclass permission of the required permission based on the 
required permission, 

4. (Original) The method of claim 1 , wherein determining if a superclass permission 
of a required permission is present in each protection domain includes determining if at 
least one permission collection in each protection domain includes the superclass 
permission. 

5. (Original) The method of claim 1 , wherein adding the required permission to a 
penuission collection includes creating a new permission collection and adding the 
required permission to the new permission collection. 
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6. (Original) The method of cjaim 5, wherein adding the required permission to a 
permission collection further includes adding any subclass permissions of the required 
permission to the new permission collection. 

7. (Original) The method of claim 1 , further comprising retrieving the access 
control context for a thread of execution that sent the request for access to the computer 
system resource. 

8. (Original) The method of claim 1 y wherein adding the required permission to a 
permission collection includes adding the permission to a permission collection 
associated with the superclass permission. 

9. (Original). The method of claim 1 , wherein the steps of determining if a 
superclass permission of a required permission is present in each protection domain of an 
access control context, and adding the required permission to a permission collection if 
the superclass permission of the required permission is present in each protection domain 
of an access control context are performed by a method called by the required permission 
in response to an implies method operating on the required permission, 

10. (Original) The method of claim 3, wherein the steps of determining the required 
permission based on a CodeSource associated with the request and determining the 
superclass permission of the required permission based on the required permission are 
performed based on a security policy file. 

1 1 . (Currently Amended) A computer program product in a computer readable 
medium for controlling access to computer system resources based on permissions, 
comprising: 

first instructions for receiving a request for access to a computer system resource; 

second instructions for determining if a superclass permission of a required 
permission is present in each protection domain of an access control contex t, wherein the 
superclass permission is a superclass of the required permission; 
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third instructions for adding the required permission to a permission collection if 
the superclass permission of the required permission is present in each protection domain 
of the access control context; and 

fourth instructions for granting access to the computer system resource if the 
superclass permission of the required permission is present in each protection domain of 
the access control context. 

12. (Original) The computer program product of claim 1 1 , wherein the request is 
received from bytecode. 

1 3. (Original) The computer program product of claim 1 1 , further comprising: 
fifth instructions for determining. the required permission based on a CodeSource 

associated with the request; and 

sixth instructions for determining the superclass permission of the required 
permission based on the required permission. 

14. (Original) Hie computer program product of claim 1 1 , wherein the second 
instructions for determining if a superclass permission of a required permission is present 
in each protection domain include instructions for determining if at least one permission 
collection in each protection domain includes the superclass permission. 

1 5. (Original) The computer program product of claim 11, wherein the third 
instructions for adding the required permission to a permission collection include 
instructions for creating a new permission collection and instructions for adding the 
required permission to the new permission collection. 

16. (Original) The computer program product of claim 1 5, wherein the third 
instructions for adding the required permission to a permission collection further include 
instructions for adding any subclass permissions of the required permission to the new 
permission collection. 
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1 7. (Original) The computer program product of claim 1 1 , further comprising fifth 
instructions for retrieving the access control context for a thread of executi on that sent the 
request for access to the computer system resource. 

1 8. (Original) The computer program product of claim 1 1 , wherein the third 
instructions for adding the required permission to a permission collection include 
instructions for adding the permission to a permission collection associated with the 
superclass permission. 

1 9. (Original) The computer program product of claim 11, wherein the second and 
third instructions are part of a method called by the required permission in response to an 
implies method operating on the required permission. 

20. (Original) The computer program product of claim 13, wherein the fifth and sixth 
instructions arc executed based on a security policy file. 

21. (Currently Amended) An apparatus for controlling access to computer system 
resources based on permissions, comprising: 

means for receiving a request for access to a computer system resource; 

means for determining if a superclass permission of a required permission is 
present in each protection domain of an access control contex t, wherein the superclass 
permission is a super class of the required permission ; 

means for adding the required permission to a permission collection if the 
superclass permission of the required permission is present in each protection domain of 
the access control context; and 

means for granting access to the computer system resource if the superclass 
permission of the required permission is present in each protection domain of the access 
control context. 

22. (Original) The apparatus of claim 21, wherein the request is received from 
bytecode. 
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23. (Original) The apparatus of claim 21, further comprising: 

means for determining the required permission based on a CodeSource associated 
with the request; aud 

means for determining the superclass permission of the required permission based 
on the required permission. 

24. (Original) The apparatus of claim 21 , wherein the means for detenrriiung if a 
superclass permission of a required permission is present in each protection domain 
includes means for determining if at least one permission collection in each protection 
domain includes the superclass permission. 

25 . (Original) The apparatus of claim 2 1 , wherein the means for adding the required 
permission to a permission collection includes means for creating a new permission 
collection and means for adding the required permission to the new permission 
collection. 

26. (Original) The apparatus of claim 25, wherein the means for adding the required 
permission to a permission collection further includes adding any subclass permissions of 
the required permission to the new permission collection. 

27. (Original) The apparatus of claim 21, further comprising means for retrieving the 
access control context for a thread of execution that sent the request for access to the 
computer system resource. 

28. (Original) The apparatus of claim 21 , wherein the means for adding the required 
permission to a permission collection includes means for adding the permission to a 
permission collection associated with the superclass permission. 

29. (Original) The apparatus of claim 21, wherein the means for determining if a 
superclass permission of a required permission is present in each protection domain of an 
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access control context, and the means for adding the required permission to a permission 
collection if the superclass permission of the required permission is present jn each 
protection domain of an access control context operate based on a method called by the 
required permission in response to an implies method operating on the required 
permission. 

30. (Original) The apparatus of claim 23, wherein the means for determining the 
required permission based on a CodeSource associated with the request and means for 
determining the superclass permission of the required permission based on the required 
permission operate based on a security policy file. 
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